LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 05-02-2008, 03:16 PM   #1
palvit
LQ Newbie
 
Registered: May 2006
Posts: 13

Rep: Reputation: 0
SElinux problem


I am trying to setup my fedora core 8 as a ppp server. I have a winmodem and i have setup it according to following link
http://www20.brinkster.com/olivares/...d-setup-1.html and using slmodem-2.9.11-20080417.tar.gz and ungrab-winmodem-20080126 from following link
http://linmodems.technion.ac.il/packages/smartlink/

Now i can dial any phone number and thus modem is working fine.

Then i setup my ppp server using instructions from following link
http://howtoforge.com/linux_dialin_server

But when i see

#tail -f /var/log/messages

May 3 01:31:21 myisp mgetty[15229]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 01:31:21 myisp mgetty[15229]: open device /dev/ttySL0 failed: Permission denied
May 3 01:31:21 myisp mgetty[15229]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 01:31:21 myisp init: Id "SL0" respawning too fast: disabled for 5 minutes
May 3 01:31:23 myisp setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3

I then followed the instruction and run following command

# setsebool -P allow_daemons_use_tty=1

But SElinux keeps on giving same message every five minutes.

Also, when i login as another user and run pppd i see

# tail -f /var/log/messages
May 3 01:44:20 myisp pppd[15355]: pppd 2.4.4 started by rajdeep, uid 501
May 3 01:44:20 myisp pppd[15355]: Using interface ppp0
May 3 01:44:20 myisp pppd[15355]: Connect: ppp0 <--> /dev/tty1
May 3 01:44:22 myisp acpid: client connected from 2517[0:0]
May 3 01:44:22 myisp acpid: 1 client rule loaded

So i think pppd is working but maybe it is not able to open the modem properly.

What should i do?
 
Old 05-02-2008, 06:10 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,539
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
What does 'sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3' return? Are there any other AVC messages?
 
Old 05-03-2008, 01:51 AM   #3
palvit
LQ Newbie
 
Registered: May 2006
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn View Post
What does 'sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3' return? Are there any other AVC messages?
it tells me to run following

# setsebool -P allow_daemons_use_tty=1

which i run ; but after some time same message comes again and avc denies.
 
Old 05-03-2008, 05:53 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,539
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Quote:
Originally Posted by palvit View Post
it tells me to run following
The *complete* message please.
 
Old 05-03-2008, 10:56 AM   #5
palvit
LQ Newbie
 
Registered: May 2006
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn View Post
The *complete* message please.
[root@localhost ~]# tail -f /var/log/messages

May 3 19:01:01 localhost mgetty[3793]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:01:01 localhost mgetty[3793]: open device /dev/ttySL0 failed: Permission denied
May 3 19:01:01 localhost mgetty[3793]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:01:01 localhost mgetty[3794]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:01:01 localhost mgetty[3794]: open device /dev/ttySL0 failed: Permission denied
May 3 19:01:01 localhost mgetty[3794]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:01:02 localhost mgetty[3798]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:01:02 localhost mgetty[3798]: open device /dev/ttySL0 failed: Permission denied
May 3 19:01:02 localhost mgetty[3798]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:01:02 localhost init: Id "SL0" respawning too fast: disabled for 5 minutes
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3




[root@localhost ~]# sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
Summary
SELinux prevented /sbin/mgetty from using the terminal <Unknown>.

Detailed Description
SELinux prevented /sbin/mgetty from using the terminal <Unknown>. In most
cases daemons do not need to interact with the terminal, usually these avc
messages can be ignored. All of the confined daemons should have dontaudit
rules around using the terminal. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this selinux-
policy. If you would like to allow all daemons to interact with the
terminal, you can turn on the allow_daemons_use_tty boolean.

Allowing Access
Changing the "allow_daemons_use_tty" boolean to true will allow this access:
"setsebool -P allow_daemons_use_tty=1."

The following command will allow this access:
setsebool -P allow_daemons_use_tty=1

Additional Information

Source Context system_u:system_r:getty_t:s0
Target Context system_ubject_r:unconfined_devpts_t:s0
Target Objects None [ chr_file ]
Affected RPM Packages mgetty-1.1.33-11.fc8 [application]
Policy RPM selinux-policy-3.0.8-44.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.allow_daemons_use_tty
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.23.1-42.fc8 #1 SMP
Tue Oct 30 13:55:12 EDT 2007 i686 i686
Alert Count 280
First Seen Fri May 2 18:13:57 2008
Last Seen Sat May 3 19:01:02 2008
Local ID c11200ee-abc1-45f1-b64e-3e816e74a3c3
Line Numbers

Raw Audit Messages

avc: denied { read write } for comm=mgetty dev=devpts egid=0 euid=0
exe=/sbin/mgetty exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=2 pid=3798
scontext=system_u:system_r:getty_t:s0 sgid=0 subj=system_u:system_r:getty_t:s0
suid=0 tclass=chr_file tcontext=system_ubject_r:unconfined_devpts_t:s0
tty=(none) uid=0

[root@localhost ~]# setsebool -P allow_daemons_use_tty=1

[root@localhost ~]# tail -f /var/log/messages

May 3 19:03:16 localhost dbus: avc: received policyload notice (seqno=2)
May 3 19:03:16 localhost setsebool: The allow_daemons_use_tty policy boolean was changed to 1 by root

May 3 19:06:03 localhost mgetty[3815]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:03 localhost mgetty[3815]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:03 localhost mgetty[3815]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:04 localhost mgetty[3816]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:04 localhost mgetty[3816]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:04 localhost mgetty[3816]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:04 localhost mgetty[3817]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:04 localhost mgetty[3817]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:04 localhost mgetty[3817]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:05 localhost mgetty[3818]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:05 localhost mgetty[3818]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:05 localhost mgetty[3818]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:05 localhost mgetty[3819]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:05 localhost mgetty[3819]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:05 localhost mgetty[3819]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:06 localhost mgetty[3820]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:06 localhost mgetty[3820]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:06 localhost mgetty[3820]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost mgetty[3821]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:06 localhost mgetty[3821]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:06 localhost mgetty[3821]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:07 localhost mgetty[3822]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:07 localhost mgetty[3822]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:07 localhost mgetty[3822]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:07 localhost mgetty[3823]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:07 localhost mgetty[3823]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:07 localhost mgetty[3823]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:08 localhost mgetty[3824]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:08 localhost mgetty[3824]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:08 localhost mgetty[3824]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:08 localhost init: Id "SL0" respawning too fast: disabled for 5 minutes
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3

So, the problem persists even if i do as per instructed( i.e. run setsebool -P allow_daemons_use_tty=1)
 
Old 05-03-2008, 02:48 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,539
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
It seems that next to c11200ee-abc1-45f1-b64e-3e816e74a3c3 you have a second (related?) issue: e0207873-9500-4bde-bc45-d20045a05afb. What is the effect of using a local policy with those AVC messages?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with Postfix and SElinux jc materi Linux - Security 1 06-22-2006 03:02 PM
SELinux problem gttommy Linux - Security 3 01-16-2006 07:25 PM
SELinux problem stormtracknole Fedora 1 11-12-2005 09:25 AM
FC3 SELinux problem richard.reyes Linux - Software 0 08-02-2005 12:21 PM
SELinux problem... casttellum Linux - Security 1 03-07-2005 11:25 PM


All times are GMT -5. The time now is 10:23 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration